TLDR: Use environment variables! I think @Bryce’s comment offers an answer, which I’ll just flush out. It seems one approach Heroku recommends is to use environment variables to store sensitive information (API key strings, database passwords). So survey your code and see in which you have sensitive data. Then create environment variables (in your .bashrc … Read more
There is no real perfect solution. No matter what you do, someone dedicated to it will be able to steal it. Even Twitter for iPhone/iPad/Android/mac/etc. has a secret key in there, they’ve likely just obscured it somehow. For example, you could break it up into different files or strings, etc. Note: Using a hex editor … Read more
Let me try to break down your question to multiple subquestions/assumption: Assumptions: a) Keychain is safe place Actually, it’s not that safe. If your application is installed on jailbroked device, a hacker will be able to get your keys from the keychain Questions: a) Is there a way to put some key into an app … Read more
Don’t know what language you are using, but for example in C/C++ you’d add a include file with the API keys, and then leave it out of source control, instead add a bogus file with explicitly fake API keys. Most languages have one or the other way to include files.
For authentication keys, create a random value and store that value in a database. random() provides insufficient entropy for things like this, so use os.urandom(). The link you posted to has a very good example of how to handle things with a decorator function. In the decorator function, check the appkey value is set in … Read more
You should consider using .env files and read the keys from the environmental variables. How to do so depends on the language and tools you use (for node.js, php, etc.). You can exclude .env file from commits by adding .env to the .gitignore. You can also upload an example configuration .env.example with dummy data or … Read more
Whilst it is true that V3 of the Google Maps API does not require an API key, it is there for a reason. Google recently introduced the following usage limits: Web sites and applications using each of the Maps API may at no cost generate: up to 25,000 map loads per day for each API … Read more
1. How to use variables in index.html? Answer 1 : Please go through Adding Custom Environment Variables to find out how to add environment variables of the type that you have shown as an example. 2. Doesn’t the API key still end up in the bundle? Answer 2 : Even when you have your key … Read more